11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

Slides:

Advertisements

Similar presentations

Basic Communication on the Internet:

Advertisements

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Chapter 7 HARDENING SERVERS.

Lesson 7: Business, , & Personal Information Management

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Computer Security and Penetration Testing

Guide to Operating System Security Chapter 10 Security.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.

 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.

1 SMTP Transport Configuration SMTP Configurations and Virtual Servers Customizing the SMTP Service.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

Electronic Mail (SMTP, POP, IMAP, MIME)

Computer Concepts 2014 Chapter 7 The Web and .

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 12 Electronic Mail.

Chapter 6: Web Security Security+ Guide to Network Security Fundamentals Second Edition.

Internet-Based Client Access

Security Awareness Chapter 3 Internet Security. Security Awareness, 3 rd Edition2 Objectives After completing this chapter, you should be able to do the.

A form of communication in which electronic messages are created and transferred between two or more devices connected to a network.

 TCP/IP is the communication protocol for the Internet  TCP/IP defines how electronic devices should be connected to the Internet, and how data should.

Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.

Web Security Chapter 6. Learning Objectives Understand SSL/TLS protocols and their implementation on the Internet Understand HTTPS protocol as it relates.

Security+ All-In-One Edition Chapter 14 – and Instant Messaging Brian E. Brzezicki.

1 TCP/IP Applications. 2 NNTP: Network News Transport Protocol NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII.

(or ?) Short for Electronic Mail The transmission of messages over networks.

The Internet 8th Edition Tutorial 2 Basic Communication on the Internet: .

11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.

Electronic Mail. Client Software and Mail Hosts –Client PC has client software that communicates with user’s mail host –Mail hosts deliver.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Module 9: Fundamentals of Securing Network Communication.

Prepared by Natalie Rose1 Managing Information Resources, Control and Security Lecture 9.

Security Technology Clients and Mail Servers

1 Figure 9-6: Security Technology  Clients and Mail Servers (Figure 9-7) Mail server software: Sendmail on UNIX, Microsoft Exchange,

Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice safety Learn how to protect yourself against common attacks.

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices and Services  Harden Internetwork Connection Devices.

INTERNET PROTOCOLS. Microsoft’s Internet Information Server Home Page Figure IT2031 UNIT-3.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Security fundamentals Topic 9 Securing internet messaging.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.

2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.

“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.

Lesson Background  is the most popular application on the Internet and the intranet.  Twelve million s were sent each day in.

Securing Access to Data Using IPsec Josh Jones Cosc352.

VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.

Week-2 (Lecture-1) An electronic message sent from one computer to another. contains account i.e. How does.

Chapter 11 Panko and Panko Business Data Networks and Security, 11 th Edition Copyright © 2016 Pearson Finally, Layer 5!

Comparison of Network Attacks COSC 356 Kyler Rhoades.

Network System Security - Task 2. Russell Johnston.

TMG Client Protection 6NPS – Session 7.

Section A: Web Technology

Internet Business Associate v2.0

Level 2 Diploma Unit 10 Setting up an IT Network

Chapter 17 Risks, Security and Disaster Recovery

Simple Mail Transfer Protocol

Chapter 7 Network Applications

Module 4 System and Application Security

Presentation transcript:

11 SECURING INTERNET MESSAGING Chapter 9

Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging.  Describe how to secure mail servers.  Describe how to secure mail clients.  Describe how to secure instant messaging (IM).  Explain basic concepts of Internet messaging.  Describe how to secure mail servers.  Describe how to secure mail clients.  Describe how to secure instant messaging (IM).

Chapter 9: SECURING INTERNET MESSAGING3 UNDERSTANDING INTERNET MESSAGING BASICS  is a popular communications medium.  is a common target of attackers and hoaxes.  security must address servers, clients, and protocols.  IM supports real-time interaction.  is a popular communications medium.  is a common target of attackers and hoaxes.  security must address servers, clients, and protocols.  IM supports real-time interaction.

Chapter 9: SECURING INTERNET MESSAGING4 TYPES OF MESSAGING   Standardized protocols  Delayed communication  IM  Few standards  Real-time communication  List of online partners   Standardized protocols  Delayed communication  IM  Few standards  Real-time communication  List of online partners

Chapter 9: SECURING INTERNET MESSAGING5 PROCESSING  Store and forward mechanism  DNS Mail Exchanger (MX) records  American Standard Code for Information Interchange (ASCII) format  Multipurpose Internet Mail Extensions (MIME) encoding  Store and forward mechanism  DNS Mail Exchanger (MX) records  American Standard Code for Information Interchange (ASCII) format  Multipurpose Internet Mail Extensions (MIME) encoding

Chapter 9: SECURING INTERNET MESSAGING6 STORE AND FORWARD

Chapter 9: SECURING INTERNET MESSAGING7 HEADER  Sender and receiver addresses  MIME attachments  client software  servers  Clear text, unencrypted  Sender and receiver addresses  MIME attachments  client software  servers  Clear text, unencrypted

Chapter 9: SECURING INTERNET MESSAGING8 PROTOCOLS  Simple Mail Transfer Protocol (SMTP)  Post Office Protocol (POP)  Internet Message Access Protocol (IMAP)  Simple Mail Transfer Protocol (SMTP)  Post Office Protocol (POP)  Internet Message Access Protocol (IMAP)

Chapter 9: SECURING INTERNET MESSAGING9 HOW SERVERS SEND AND RECEIVE MESSAGES

Chapter 9: SECURING INTERNET MESSAGING10 NATIVE SECURITY  No encryption  Easily intercepted  No authentication  Easily forged or spoofed  No encryption  Easily intercepted  No authentication  Easily forged or spoofed

Chapter 9: SECURING INTERNET MESSAGING11 SPAM  Spam can be either unsolicited commercial (UCE) or unwanted noncommercial .  More than half of all on the Internet is spam.  Spam wastes significant online resources.  Filters and blacklists reduce spam.  Spam can be either unsolicited commercial (UCE) or unwanted noncommercial .  More than half of all on the Internet is spam.  Spam wastes significant online resources.  Filters and blacklists reduce spam.

Chapter 9: SECURING INTERNET MESSAGING12 REDUCING SPAM  Never respond to spam.  Don’t post your address on your Web site.  Use a secondary address in newsgroups.  Don’t provide your address online without knowing how it will be used.  Use a spam filter.  Never buy anything advertised in spam.  Never respond to spam.  Don’t post your address on your Web site.  Use a secondary address in newsgroups.  Don’t provide your address online without knowing how it will be used.  Use a spam filter.  Never buy anything advertised in spam.

Chapter 9: SECURING INTERNET MESSAGING13 SCAMS  The purpose of a scam is to defraud rather than sell a product.  Education is the best defense.  Create a policy to control the release of sensitive information.  The purpose of a scam is to defraud rather than sell a product.  Education is the best defense.  Create a policy to control the release of sensitive information.

Chapter 9: SECURING INTERNET MESSAGING14 HOAXES  Spread misleading information, often called urban myths  Often spread like chain letters  Often start with malicious intent  Inappropriately use systems  Can be minimized by educating users about the proper handling of hoaxes  Spread misleading information, often called urban myths  Often spread like chain letters  Often start with malicious intent  Inappropriately use systems  Can be minimized by educating users about the proper handling of hoaxes

Chapter 9: SECURING INTERNET MESSAGING15 SERVER VULNERABILITIES  Data theft or tampering  Denial of service (DoS)  Spam, scams, and hoaxes  Spoofing  Mail relay  viruses  Data theft or tampering  Denial of service (DoS)  Spam, scams, and hoaxes  Spoofing  Mail relay  viruses

Chapter 9: SECURING INTERNET MESSAGING16 SECURING SERVERS  Remove unnecessary components.  Block unused protocols.  Disable relaying from unauthenticated connections.  Configure an SMTP bridgehead server.  Install virus filters and antivirus software.  Keep your software updated.  Remove unnecessary components.  Block unused protocols.  Disable relaying from unauthenticated connections.  Configure an SMTP bridgehead server.  Install virus filters and antivirus software.  Keep your software updated.

Chapter 9: SECURING INTERNET MESSAGING17 ACCESS CONTROL  When authenticating client access, consider  POP and IMAP  Proprietary protocols  Web-based  SMTP  When authenticating client access, consider  POP and IMAP  Proprietary protocols  Web-based  SMTP

Chapter 9: SECURING INTERNET MESSAGING18 POP AND IMAP  POP is used more often than IMAP.  Both transmit in clear text.  There are several ways to authenticate a POP user, including  Secure Password Authentication (SPA)  Authenticated Post Office Protocol (APOP)  Encrypted transport protocols such as Internet Protocol Security (IPSec) can be used.  POP is used more often than IMAP.  Both transmit in clear text.  There are several ways to authenticate a POP user, including  Secure Password Authentication (SPA)  Authenticated Post Office Protocol (APOP)  Encrypted transport protocols such as Internet Protocol Security (IPSec) can be used.

Chapter 9: SECURING INTERNET MESSAGING19 PROPRIETARY PROTOCOLS  Nonstandard protocols  Wider range of features  Various levels of authentication security  Different vulnerabilities  Nonstandard protocols  Wider range of features  Various levels of authentication security  Different vulnerabilities

Chapter 9: SECURING INTERNET MESSAGING20 WEB-BASED  Allows browser-based access  Is more versatile for mobile users  Uses strong Web-based authentication  Uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS)  Allows browser-based access  Is more versatile for mobile users  Uses strong Web-based authentication  Uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

Chapter 9: SECURING INTERNET MESSAGING21 SMTP ACCESS CONTROL  Allows only authenticated users to send  Supports password authentication  Limits SMTP access to local POP clients  Allows only authenticated users to send  Supports password authentication  Limits SMTP access to local POP clients

Chapter 9: SECURING INTERNET MESSAGING22 SMTP RELAY  SMTP relay forwards incoming messages to another mail server for delivery.  Open relays can be hijacked by spammers.  SMTP relaying should be limited to internal systems.  Limit access to local clients and approved servers to prevent SMTP relay.  SMTP relay forwards incoming messages to another mail server for delivery.  Open relays can be hijacked by spammers.  SMTP relaying should be limited to internal systems.  Limit access to local clients and approved servers to prevent SMTP relay.

Chapter 9: SECURING INTERNET MESSAGING23 OPEN RELAYING

Chapter 9: SECURING INTERNET MESSAGING24 MONITORING  Monitoring can be a privacy issue.  Scan for viruses and malicious code.  Scan to prevent disclosure of confidential information.  Monitoring can be a privacy issue.  Scan for viruses and malicious code.  Scan to prevent disclosure of confidential information.

Chapter 9: SECURING INTERNET MESSAGING25 CLIENT VULNERABILITIES  Impersonation or spoofing  Eavesdropping  Hypertext Markup Language (HTML) vulnerabilities  Software that has not been updated  Viruses and executable programs spread through messages  Web-based  Impersonation or spoofing  Eavesdropping  Hypertext Markup Language (HTML) vulnerabilities  Software that has not been updated  Viruses and executable programs spread through messages  Web-based

Chapter 9: SECURING INTERNET MESSAGING26 SECURING MAIL CLIENTS  Keep clients updated.  Configure security settings on mail servers.  Educate users on safe practices.  Keep clients updated.  Configure security settings on mail servers.  Educate users on safe practices.

Chapter 9: SECURING INTERNET MESSAGING27 ENCRYPTION AND SIGNING  Encryption provides confidentiality for .  There are two ways to secure  Pretty Good Privacy (PGP)  Secure/Multipurpose Internet Mail Extensions (S/MIME)  PGP and S/MIME are based on public key cryptography.  Clients must have a certificate issued by a certification authority (CA).  Encryption provides confidentiality for .  There are two ways to secure  Pretty Good Privacy (PGP)  Secure/Multipurpose Internet Mail Extensions (S/MIME)  PGP and S/MIME are based on public key cryptography.  Clients must have a certificate issued by a certification authority (CA).

Chapter 9: SECURING INTERNET MESSAGING28 THREATS TO IM  Unencrypted data transfers are prone to eavesdropping.  Transferred files might bypass virus scanners.  IM has vulnerabilities, such as buffer overflows.  Sensitive information might be disclosed.  Unencrypted data transfers are prone to eavesdropping.  Transferred files might bypass virus scanners.  IM has vulnerabilities, such as buffer overflows.  Sensitive information might be disclosed.

Chapter 9: SECURING INTERNET MESSAGING29 HOW IM WORKS

Chapter 9: SECURING INTERNET MESSAGING30 IM SECURITY  Prohibit the use of IM, if possible.  Block IM traffic on network borders.  Specify and restrict IM software.  Use IM encryption.  Define the acceptable use of IM.  Prohibit the use of IM, if possible.  Block IM traffic on network borders.  Specify and restrict IM software.  Use IM encryption.  Define the acceptable use of IM.

Chapter 9: SECURING INTERNET MESSAGING31 IM SECURITY (CONT.)  Train users how to safely use IM.  Update virus scanners.  Keep IM software updated and patched.  Use internal IM servers.  Train users how to safely use IM.  Update virus scanners.  Keep IM software updated and patched.  Use internal IM servers.

Chapter 9: SECURING INTERNET MESSAGING32 SUMMARY  Secure servers, clients, and the communications between them.  Defend your networks against spam and other unwanted .  Securing clients includes configuring secure authentication methods. Another important client configuration task is to configure the encryption and signing capabilities of the client software.  Secure IM by preventing its use in your organization or by controlling the types of information that can be exchanged by using IM.  Secure servers, clients, and the communications between them.  Defend your networks against spam and other unwanted .  Securing clients includes configuring secure authentication methods. Another important client configuration task is to configure the encryption and signing capabilities of the client software.  Secure IM by preventing its use in your organization or by controlling the types of information that can be exchanged by using IM.